I've been looking at a lot of different technical security architectures for network providers. Obviously many providers keep their security secret, so they may or may not have a decent security architecture. Nevertheless there is still a lot of good information available from government agency networks, academics and vendors. The best network service provider security architecture document First Place: Information Assurance Technical Framework Second Place: The ESNET unclassified Security Plan Third Place: University of Washington Network Security Credo
From the IATF document http://www.iatf.net/
5.1 Availability of Backbone Network I would disagree about item #3, IP is a datagram service, and does not protect against delay or packet drops (see item #1). Otherwise this is a decent list of functional security requirements for most Internet backbone providers. Its short, but covers the big items. 1. BNs must provide an agreed level of responsiveness, continuity of service and resistance to accidental or intentional corruption of the communications service. (The agreement is between the owners of the network and the users of the network.) 2. BNs are not required to provide security services of user data (such as confidentiality and integrity)that is the user's responsibility. 3. BNs must protect against the delay, misdelivery, or nondelivery of otherwise adequately protected information. 4. BNs, as a part of the end-to-end information transfer system, must provide the service transparently to the user. 5. As part of the transparency requirement, the BN must operate seamlessly with other backbones and local networks.